General Data Protection Regulation FAQs

If your business is based in the European Union (EU), or you process the personal data of EU citizens, the General Data Protection Regulation (GDPR) affects you.

In this article, we'll answer common questions about Mailchimp and the GDPR.

Note

Mailchimp offers tools and information as a resource, but we don’t offer legal advice. We recommend you contact your legal counsel to find out how the GDPR affects you.

Consent

Can I collect consent for other tools through Mailchimp's GDPR signup forms?

Yes. You can edit the suggested language for the GDPR fields of our signup forms to collect consent for use outside of Mailchimp. If you choose to write your own descriptions, make sure you’re explicit about why you’re collecting data.

How can I prove consent?

Export your audience.
If a contact signed up for your audience through a Mailchimp-hosted form, you can export your audience and review the OPTIN_TIME and OPTIN_IP fields in your exported CSV file. These fields contain the date, time, and IP address associated with the signup.

Turn on double opt-in.
You can enable double opt-in, which includes an extra confirmation step that verifies each email address. After turning on double opt-in, export your audience and review the CONFIRM_TIME and CONFIRM_IP fields in your exported CSV file. These fields contain the date, time, and IP address associated with the confirmation.

Take a screenshot of your signup form.
You can capture an image of your signup form to prove you accurately described your marketing activities. You can also access this information in our form versions.

Update your website's privacy statement or policy to state you use Mailchimp to store information.

Make sure your Cookie Statement describes any cookies or tracking technologies you might use.
If you’re not sure, Mailchimp’s Cookie Statement includes a section called Cookies served through the Services that describes technology you (or your website) might use, depending on the features you use through Mailchimp.

The GDPR could affect your business outside of Mailchimp. We recommend you contact your legal counsel to find out how the GDPR affects you.

Existing Contacts

Do I need to get consent from my existing contacts?

If you collected consent from existing contacts in a way that complies with the GDPR, you may not need to collect consent from those contacts again.

Otherwise, you'll need to collect GDPR-friendly consent from the contacts you already have. Send a consent email to everyone in your audience that includes a link to update their settings. We are not aware of anything that specifically prohibits you from sending a reconfirmation email after May 25th. Some EU authorities recommend that businesses periodically refresh consent, suggesting that reconfirmations can still be sent.

The important thing is that you need to ensure that you have a legal basis – such as consent or a legitimate interest – to send an email to a contact.

If you don’t feel like you have a proper basis under the GDPR to email a contact, you may want to refrain from sending a reconfirmation email and remove the contact from your audience. As always, we suggest you reach out to local counsel in your area to discuss the specifics of your situation.

If my contacts don’t consent, should I stop communicating with them?

You need to have a legal basis, like consent, to process an EU data subject’s personal data.

Use your Marketing Permissions segments to communicate only with contacts who have expressly opted in to your marketing. You may find it helpful to bulk unsubscribe all contacts who have not opted to receive any marketing from you.

How can I see who signed up using double opt-in?

OPTIN_TIME: The time a contact accessed your signup form, if they used it to sign up.
CONFIRM_TIME: The date and time the contact clicked the link in the opt-in confirmation email.

If the values of the OPTIN_TIME and CONFIRM_TIME fields are different, it is likely the contact signed up using double opt-in.

If you’ve combined multiple audiences using the built-in combine audiences tool, the OPTIN_TIME field won't be included in your exported file. You won’t be able to verify the opt-in status of contacts.
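The check described above, together with the consent-evidence fields from "How can I prove consent?", can be run over an exported CSV in one pass. This is an added example, not Mailchimp's own code: the OPTIN_* and CONFIRM_* column names come from this article, while the "Email Address" column name, the timestamp format, the status labels, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export (not real data). "Email Address" and the
# timestamp format are assumptions; the other column names are from the article.
SAMPLE_EXPORT = """Email Address,OPTIN_TIME,OPTIN_IP,CONFIRM_TIME,CONFIRM_IP
a@example.com,2018-05-01 10:00:00,192.0.2.10,2018-05-01 10:03:12,192.0.2.10
b@example.com,2018-05-02 09:15:00,198.51.100.7,2018-05-02 09:15:00,198.51.100.7
c@example.com,,,2018-05-03 14:20:00,203.0.113.5
"""

EVIDENCE_FIELDS = ("OPTIN_TIME", "OPTIN_IP", "CONFIRM_TIME", "CONFIRM_IP")


def classify_consent(csv_text, email_col="Email Address"):
    """Return {email: (status, evidence)} for each row of an audience export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    # Exports of combined audiences have no OPTIN_TIME column at all, so the
    # opt-in status of those contacts cannot be verified from the file.
    has_optin_column = "OPTIN_TIME" in (reader.fieldnames or [])
    results = {}
    for row in reader:
        evidence = {f: (row.get(f) or "").strip() for f in EVIDENCE_FIELDS}
        optin, confirm = evidence["OPTIN_TIME"], evidence["CONFIRM_TIME"]
        if not has_optin_column:
            status = "unverifiable"
        elif not optin:
            # OPTIN_TIME is only set when the contact used the signup form.
            status = "no_form_signup"
        elif confirm and confirm != optin:
            # Differing values: the contact likely confirmed via double opt-in.
            status = "double_opt_in_likely"
        else:
            status = "no_double_opt_in_evidence"
        results[row[email_col].strip()] = (status, evidence)
    return results


if __name__ == "__main__":
    for email, (status, evidence) in classify_consent(SAMPLE_EXPORT).items():
        print(email, status, evidence)
```

Contacts that come back as `unverifiable` or `no_form_signup` are the ones whose consent record has to be established from another source.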

Imports and Exports

Can I import contacts who have given consent outside of Mailchimp?

Yes. If you have GDPR forms enabled for an audience, you can import contacts who have given GDPR-friendly consent for marketing permissions.

Can I view marketing permissions in an audience export?

Yes. If you export a GDPR-enabled audience, one CSV file header will match the GDPR form field label in your segments. This field will display each marketing permission the contact has opted in to.

Deleting Contacts

How do I fully delete a contact's data?

Choose the delete option from their profile page. This action permanently removes all of a contact’s personal information and anonymizes their data in your reports. After you delete a contact, you won’t be able to add them back to your audience.

If one of your contacts asks us to remove their data from every account in Mailchimp, we'll notify you with an email. After you receive the email, you'll have 30 days to delete the contact from every audience they're in, as well as any connected integrations.

Signup Forms

Can I translate GDPR fields in Mailchimp's signup forms?

You can translate any GDPR field except the Privacy Policy and Terms field. You can also translate other parts of your signup form. For more information, check out Translate Signup Forms.

Can I use GDPR fields with Mailchimp Subscribe?

No. GDPR fields are not compatible with form integrations or Mailchimp Subscribe.

Can I edit the Privacy Policy and Terms field in my form?

No. The Privacy Policy and Terms field lets your contacts know that you’ll be storing their info in your Mailchimp account. A link to Mailchimp’s Privacy Policy and Terms is included.

Can I make the Options field on GDPR forms required?

Yes. When you edit the fields on your GDPR-friendly form, check the box next to Require at least one option. If this is enabled for your form, at least one marketing permission checkbox must be selected before a contact can subscribe.

API

Are GDPR tools available in the API?

Yes. We've added marketing_permissions as a field with a boolean value, so you can enable GDPR fields and sync contact marketing permissions using the API. To learn more about managing your audience with the Mailchimp API, check out our API documentation.

To comply with requests to fully delete data, you can also permanently delete contacts using the API. After a contact is permanently deleted, they cannot be re-imported.

Connected Sites and Integrations

What if I transfer data from a site or e-commerce store to my Mailchimp account?

You are responsible for determining whether other third-party applications, including connected sites and e-commerce stores, meet GDPR requirements.

If you rely on consent to process subscribers' personal data, double-check whether the consent that you previously obtained meets the GDPR's standards. For example, check third-party integrations to be sure they don't automatically add people to your Mailchimp audience without an opt-in checkbox that clearly states how you'll use that person's data. You should also review the terms associated with any Mailchimp add-ons or third-party integrations you use.

What’s the penalty if I don’t comply with the GDPR?

Where are Mailchimp’s servers?

Our servers are located in the United States. Because Mailchimp certifies to the Privacy Shield framework, we can lawfully receive EU data.

If you’re located in the EU or use Mailchimp to market to anyone in the EU, review Section 20 of our Terms of Use and Section 5(E) of our Privacy Policy. These sections include important information about how Mailchimp treats EU data, and what you should do if you’re keeping EU data in your Mailchimp account.
